Cyber Attacks: Understand what you can control

One of the challenges facing cyber security today is the feeling that a cyber breach is something
that can not be avoided, something that is essentially out of your control. A common
misconception is that – unless you’re a large company with a ton of resources you can devote to
cyber security, intrusion detection, malware scanning, and all the other fancy bells and whistles
– there’s little to nothing you can do to prevent your business from becoming a target.
But that’s where you’re wrong.

Did you know that the largest cyber security threat to small and medium-sized businesses is
actually your own employee or vendor negligence? A recent Ponemon Institute Study found the
top two causes of breaches to be negligent employees or contractors (at 48%) and third-party
mistakes (at 41%). As it turns out, these are two areas where business owners do have some
semblance of control.

BE ON THE LOOKOUT FOR THESE 4 COMMON ATTACKS:

1. While they may look harmless, and even familiar, embedded links and popups that redirect
an employee to an unknown site and ask for personal information are always a red flag.

2. Malware in an email attachment can affect your system once opened by an employee.

3. When an email appears to be from within the company, usually from a CEO or CFO, and
directs an employee to send data or money – it’s almost always a case of email spoofing.

4. Though old school, be aware that attacks may still take place via telephone. Be wary of
anyone who calls asking pointed questions while claiming to be a known vendor or even an
internal employee.

6 TIPS FOR PROTECTING YOUR COMPANY:

1. Talk to your entire staff often about cyber security and implement an onboarding training
session for new and future employees. Remember, the most common form of attack – phishing
or social engineering – is caused by simple human errors. When you make cyber security a
priority – your employees will, too.

2. Teach employees to spot problems by always following these golden rules:
Always verify senders before opening a link in an email. Never click a link or
download an attachment from an unknown sender.
Put a system of checks and balances in place for targeted data that can prevent
email spoofing scams. Any email or website asking for sensitive data such as
banking information, payments to unknown accounts or unknown vendors, and
additional employee data should be verified by more than one employee before
sending anything.

3. Talk to all of your vendors about the cyber security practices they follow and how their
actions may impact your company’s security. Make sure that all of the people with access to
your customer’s data are working as hard to protect it as you are.

4. Always keep all of your systems up to date. Security patches in software are designed to
close the gaps.

5. If employees are using company tools such as phones and computers for personal use, be
sure to educate them about the importance of cyber security. Always require two factor
authentications on every device and system that stores information, and be sure to password
protect all phones and laptops.

6. Get a cyber insurance policy – and don’t underestimate the power of having one. When
all else fails, cyber insurance will be there to help you put the pieces back together if the worst
happens to you, or your company.

In the wake of large scale cyber attacks, such as the ones we’ve seen in the public eye recently,
it’s reasonable to be worried. Will these tips stave off all attacks? No, most certainly not. What
these tips will do, however, is give you peace of mind while harnessing the control you do have.